Data SecurityLiberty University Information Technology

a Summary of Actions

The security engineers at Liberty University work tirelessly to protect the University and its computing users from both internal and external threats.

However, in recent months there have been an increased amount of attempts to compromise users' accounts. IT is doing its part to increase security and better protect the Liberty community as a whole. Below we will discuss a high level view of the following:

Top Security Threats

Plan of Action

Potential Risks/Gaps

Training & Communication

Top Security Threats

Compromised Accounts - When user information such as username and password, are stolen unknowingly.

Social Engineering Attacks - Through the means of deception or impersonation an attacker influences a user to share sensitive information

PLan of ActioN

Acquired a Multi-Factor Authentication System (Purchased and planning to implement this summer) This system will help prevent unauthorized access to network resources. As an added layer of security, users will now be able to verify their identity by entering in a verification code sent to them through their mobile devices.

Encryption on systems(In progress) A program called Sophos will be installed on the computers of staff members with access to sensitive information (projected to be installed on nearly 2,500 computers). It will encrypt, or protect, the data on the hard drive should it be lost or stolen.

Ransomware Prevention(part of FY18 budget and will be implemented next year) Computer malware that installs into our network without detection and then encrypts data which makes it inaccessible unless a ransom is paid. There is an increase of these attacks in the education sector.

Payload Security (Approved and will be purchased in July) This service will scan email attachments and files (payloads) that could install malware which could lead to the unauthorized transfer of data from the users computer. If malicious content is detected, the message will be blocked and the receiver will be notified.

HIGHLIGHT: ON AVERAGE, 1/3 OF EMAILS coming IN ARE BLOCKED

Looking at the chart below, you can preview how many email scams never reach Liberty users. Millions of emails come in on a bi-weekly basis and anywhere from 2.5 to over 5 million are blocked.

Actions Continued:

Advanced Threat Analytics(Implemented and operational as of 4/2017) Provides advanced notification of potential exploits. This service maps out the online activity of Liberty users and routes and sends notifications of suspicious activity.

For example: If a Liberty user logs in from the U.S., accesses a program and then 5 minutes later logs in from outside the country, that activity would be flagged—notifying the security team that there is a high probability that the user’s log-in information has been compromised.

Advanced Threat Protection(Purchased and planning to implement this summer) This system provides the ability to detect, investigate, and respond to advanced attacks and data breaches.

HIGHLIGHT: DURING A 3RD PARTY IT ASSESSMENT THE UNIVERSITY MET 90 OF 94 Best Security OBJECTIVES

Internal Actions and restructure:

Hired a Security Access Control Engineer (Starting May 15th) Thishigh-level engineer will identify and locate all private and highly classification information on the Liberty system and ensure data is protected.

Created the CSIRT (Cyber Security Incident Response Team) This soon to be 7 person team works together to respond to security attacks.

Created the CSIRT Flow Diagram - A highly detailed incident response process developed by the CSIRT in order to resolve a security threat.

The process includes the following stages:

Preparation

Identification

Containment

Eradication

Recovery

Review and Close

Example of the "Identification" stage in the CSIRT Flow Diagram

Potential Risks / Gaps

DLP (Data Loss Prevention) Tool Still Needed (Vendor selection in progress) This tool identifies sensitive information and prevents it from leaving the university network.

Logging Capability Needed - Currently there is limited visibility to see potential exploits as well as limited response capability. Logging would provide IT with historical information that will allow us to look back at what caused an attack and help us prevent them from happening in the future.

Training & Communication

Another important aspect to protecting the University's data is educating the Liberty community on security best practices and keeping them informed of the latest scams.

Visual from communication campaign

The following steps have been taken to keep end users informed and active in protecting both the university's and their personal information.